Granting access to Azure application service log stream

asked 2022-06-06T22:54:43.3+00:00
MrFlinstone 406 Reputation points

Hi All.

I granted a user monitoring reader role but found out that they are still unable to access the application service log stream. Can someone confirm what permissions are required for access to the application service log stream.

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
1,804 questions
{count} votes

1 answer

Sort by: Most helpful
  1. answered 2022-06-07T08:16:33.607+00:00
    AnuragSingh-MSFT 9,976 Reputation points Microsoft Employee

    Hi @MrFlinstone

    Thanks for posting the question.

    I see that you are trying to understand the minimum permission required to access the "AppService Log Stream". Please note that the "Monitoring Reader" role provides access to "monitoring" data i.e., the metrics and AppServiceHTTPLogs and AzureMetrics table in Logs. However, the log files can contain sensitive information, such as IP addresses or usernames. In order to avoid unauthorized access to such sensitive information, Contributor or Owner roles are required. You may refer to the following link for more details on it - Security considerations for monitoring data.

    Please let me know if you have any questions.

    ---
    Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

    No comments